> And then WPA3 was released and, oh look, there’s Harkins’ Dragonfly protocol, right there in our wireless handshakes.
> It’s pretty clear to us that the WiFi standards groups triggered some ancient mummy curse, because the WiFi standards by themselves are a master class in everything that can go wrong with a crypto protocol. And, as Vanhoef and Ronen show, WPA3 is by itself a lesson in everything that can go wrong with a single handshake: invalid curve attacks! Protocol downgrade attacks! Timing attacks! They’ll teach this one in schools, unless the WiFi people come up with WPA4 or something, which will surely be even worse.
This can’t be real.
Are the WiFi standards groups really as incompetent as this page makes them out to be? These are the standards that everybody uses, right?
This seems especially unwarranted, since WPA3 is not, as you might assume from this, worse than WPA2, and the paper is explicit about that.
Indeed, two of their attacks try to _degrade_ you to WPA2, which would be a terrible idea if WPA3 were weaker.
The paper shows that if you do WPA3 badly, you are vulnerable to a bunch of nasty attacks, and doing it well is resource intensive (which may make it hard to justify in cheap / low-power WiFi implementations). That's a good criticism of WPA3, but it isn't a reason WPA2 was better, since that extra resource is needed to deliver a feature WPA3 didn't have at all (Forward Secrecy).
At some point they have to compromise, and security suffers.
I don't deny it's a big challenge - but it's hardly a unique one.
FYI the calendar link in July 28 should probably be a href="/nominations" instead of "nominations". Clicking it from outside the home page brings you to a 404.
"all but disavows it’s existence"
should be "itss exisstence"
I would be very surprised if that didn't win in the "most over-hyped" category. None of the other nominees even come close to the amount of FUD that Bloomberg story raised.
The unpleasant truth is that you're faking something that users weren't even looking at. The _only_ way either S/MIME or PGP email could have made any dent whatsoever outside of a narrow crypto nerd fanbase is if the default behaviour for every message that doesn't verify was that it is discarded unread. And that was never realistically going to happen.